Solved

How to map/configure 2 mail servers behind a firewall on the same LAN/subnet

Posted on 2006-06-17
Last Modified: 2013-11-16
I have a firewall which has 2 mail servers' public SMTP and POP IPs mapped to internal IPs via NAT one-to-one translation on port 25 and port 110.
Example:
               Mail Server 1
               smtp.abc.com (66.92.81.1) map on (port 25) to 192.168.100.5
               pop.abc.com (66.92.81.2) map on (port 110) to 192.168.100.6

               Mail Server 2
               smtp.xyz.com (66.92.81.3) map on (port 25) to 192.168.100.10
               pop.xyz.com (66.92.81.4) map on (port 110) to 192.168.100.11

The problem is that if I turn both SMTP servers on, one or the other's email does not work.

How should I map/configure the 2 mail servers or similar ports behind a firewall on the same LAN/subnet?
What's the right way to do this?
0
Comment
Question by:texter777
6 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 16927035
They should work fine just as they are.
What kind of firewall do you have? Perhaps there is something not configured correctly in it?
0
 

Author Comment

by:texter777
ID: 16927388
SonicWall Pro 2040.

Mapping one-to-one NAT translation.

Rules
---------------
a) Allow  *  192.168.100.5 (LAN) Retrieve E-Mail (POP3)  [exchange server]
b) Allow  *  192.168.100.6 (LAN) Send E-Mail (SMTP)  [gfi mail essentials relay]

c) Allow  *  192.168.100.10 (LAN) Retrieve E-Mail (POP3)  [mailserver2]
d) Allow  *  192.168.100.10 (LAN) Send E-Mail (SMTP)  [mailserver2]

e) Allow  *  192.168.100.5 (LAN) Web (HTTP) Allow  [mailserver1]
++For webmail access
f) Allow  *  192.168.100.10 (LAN) Web (HTTP) Allow  [mailserver2]
++For webmail access
0
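
A cross-check of the one-to-one NAT mappings from the question against allow rules a) to d) in the comment above, as an added example that is not part of the original thread. The values are transcribed as posted; the function name and the reading of each rule's LAN address as its destination are assumptions.

```python
import ipaddress

# NAT one-to-one mappings as posted in the question: (public IP, port, internal IP).
NAT = [
    ("66.92.81.1", 25, "192.168.100.5"),
    ("66.92.81.2", 110, "192.168.100.6"),
    ("66.92.81.3", 25, "192.168.100.10"),
    ("66.92.81.4", 110, "192.168.100.11"),
]
# Allow rules a) to d) as posted: (internal destination IP, port).
RULES = [
    ("192.168.100.5", 110),
    ("192.168.100.6", 25),
    ("192.168.100.10", 110),
    ("192.168.100.10", 25),
]

def _order(pairs):
    # Sort numerically by address, then by port, so .5 comes before .10.
    return sorted(pairs, key=lambda x: (ipaddress.ip_address(x[0]), x[1]))

def cross_check(nat, rules):
    """Hypothetical helper: compare NAT targets with allow-rule destinations.

    Returns (no_rule, no_nat):
      no_rule - (ip, port) pairs that NAT forwards to but no rule allows
      no_nat  - (ip, port) pairs a rule allows but no NAT mapping forwards to
    """
    allowed = set(rules)
    forwarded = {(dst, port) for _pub, port, dst in nat}
    return _order(forwarded - allowed), _order(allowed - forwarded)

if __name__ == "__main__":
    no_rule, no_nat = cross_check(NAT, RULES)
    for ip, port in no_rule:
        print(f"forwarded but not allowed: {ip}:{port}")
    for ip, port in no_nat:
        print(f"allowed but never forwarded: {ip}:{port}")
```
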
 
LVL 1

Expert Comment

by:dlmario
ID: 16927530
Hi texter777,

There should be no problem using multiple SMTP, POP or IMAP servers in the same subnet. Are you sure you are using 4 IP addresses where you are doing NAT from? Why do you NAT your network when you have four external addresses?

To me it seems like you are using one external IP (a DSL for example) and doing NAT from this IP to your private subnet, isn't it?

If not, it should be a setting on your router. Is it possible to do a tcpdump on the mail servers? Are you using Linux machines?

However, theoretically there cannot be a problem using more than one mail server in a network segment - providers are doing the same ;-)

/Mario
0
 

Author Comment

by:texter777
ID: 16927549
Guys,
Thanks for your input.
Mario,
Avoiding external addresses (dual NICs) or DMZ, by using one-to-one NAT.
This method has its con side too, but since we have a kickass hardware firewall,
we have chosen to go with one-to-one NAT mapping.

I think I've found the problem.
Interesting indeed....
The 2nd mail server's SMTP was bound ONLY to the LAN IP address 192.168.100.10
and not to "All Addresses".

This excluded the local loop (127.0.0.1), which made the SMTP unable to natively transfer the email to the POP3 mailboxes/service.

Hence I wasn't seeing the mail in my POP3 box.

Peace.
Texter

0
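
A check for the bind-address condition described in the comment above, written as an added example that is not part of the original thread. The listener table is constructed sample data and the function names are hypothetical; the idea is that the SMTP port must answer on both the NAT target address and 127.0.0.1.

```python
import ipaddress
import socket

# Constructed listening-socket table (local address, port), in the shape that
# "netstat -an" reports; the SMTP line mirrors the second mail server's binding.
LISTENERS = [
    ("192.168.100.10", 25),   # SMTP bound to the LAN address only
    ("0.0.0.0", 110),         # POP3 bound to all addresses (constructed)
]

def covers(bind_addr, target):
    """True if a socket bound to bind_addr accepts connections sent to target."""
    bind, dst = ipaddress.ip_address(bind_addr), ipaddress.ip_address(target)
    if bind.is_unspecified:               # 0.0.0.0 / :: means every local address
        return bind.version == dst.version
    return bind == dst

def missing_binds(listeners, port, required):
    """Addresses in `required` on which nothing listens for `port`."""
    return [t for t in required
            if not any(p == port and covers(a, t) for a, p in listeners)]

def probe(host, port, timeout=2.0):
    """Live check: does a TCP connect to host:port succeed from this machine?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    need = ["192.168.100.10", "127.0.0.1"]   # NAT target and local hand-off
    for port in (25, 110):
        print(port, "not listening on:", missing_binds(LISTENERS, port, need))
```

On the mail server itself, `probe("127.0.0.1", 25)` gives the same answer from live sockets instead of a captured table.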
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 17934535
PAQed with points refunded (100)

Computer101
EE Admin
0
